blumeops

History

Erich Blume 2daf6291b7 Replace dead Prowler IaC mutelist with Trivy ignorefile shim Prowler's IaC provider hardcodes self._mutelist = None and delegates filtering to Trivy, but doesn't plumb --ignorefile through. The original attempt with --mutelist-file silently no-op'd. Add a wrapper around trivy in our image that injects --ignorefile $TRIVY_IGNOREFILE on `fs` subcommands; switch the IaC cronjob to mount a Trivy-format trivyignore.yaml and set the env var. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-28 09:50:31 -07:00
..
apps	Deploy Paperless-ngx document management (#328 )	2026-04-08 17:54:12 -07:00
manifests	Replace dead Prowler IaC mutelist with Trivy ignorefile shim	2026-04-28 09:50:31 -07:00

Erich Blume 2daf6291b7 Replace dead Prowler IaC mutelist with Trivy ignorefile shim

Prowler's IaC provider hardcodes self._mutelist = None and delegates
filtering to Trivy, but doesn't plumb --ignorefile through. The original
attempt with --mutelist-file silently no-op'd. Add a wrapper around
trivy in our image that injects --ignorefile $TRIVY_IGNOREFILE on `fs`
subcommands; switch the IaC cronjob to mount a Trivy-format
trivyignore.yaml and set the env var.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-28 09:50:31 -07:00

apps

Deploy Paperless-ngx document management (#328 )

2026-04-08 17:54:12 -07:00

manifests

Replace dead Prowler IaC mutelist with Trivy ignorefile shim

2026-04-28 09:50:31 -07:00